
Re: SPD per interface?



At 2:16 PM -0400 8/21/01, Cambria, Mike wrote:
>Does IPsec allow each interface to have its own SPD?  That is, for a given
>set of selectors, one interface can have a different policy (e.g. encryption
>algorithm etc.) than a different interface.
>
>My reading of RFC2401 leads me to believe that this is indeed possible (pg
>13 bottom.)
>
>		"... an SG had multiple external interfaces, it might be
>necessary to have separate SAD and SPD pairs for each interface."
>

Yes, the SPD is nominally per-interface.

Steve
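
A per-interface SPD lookup, as an added example that is not part of the original message or of any IPsec implementation: the same selectors resolve to a different policy depending on which interface the packet uses. The interface names, prefixes, cipher labels, and the default-discard fallback are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    src: str              # source prefix selector
    dst: str              # destination prefix selector
    proto: str            # "tcp", "udp" or "any"
    action: str           # "protect", "bypass" or "discard"
    esp_cipher: str = ""  # only meaningful when action == "protect"

    def matches(self, src, dst, proto):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto))


# Constructed sample: a security gateway with two external interfaces,
# each carrying its own ordered SPD.
SPD = {
    "ext0": [
        Entry("10.1.0.0/16", "192.0.2.0/24", "any", "protect", "3des-cbc"),
        Entry("0.0.0.0/0", "0.0.0.0/0", "any", "discard"),
    ],
    "ext1": [
        Entry("10.1.0.0/16", "192.0.2.0/24", "any", "protect", "aes-cbc"),
        Entry("10.1.0.0/16", "0.0.0.0/0", "udp", "bypass"),
    ],
}

# Assumption of this example: traffic that matches no entry is discarded.
DEFAULT = Entry("0.0.0.0/0", "0.0.0.0/0", "any", "discard")


def lookup(interface, src, dst, proto):
    """Return the first matching entry in the SPD of the given interface."""
    for entry in SPD.get(interface, []):
        if entry.matches(src, dst, proto):
            return entry
    return DEFAULT


if __name__ == "__main__":
    for ifname in ("ext0", "ext1"):
        e = lookup(ifname, "10.1.2.3", "192.0.2.10", "tcp")
        print(ifname, e.action, e.esp_cipher)
```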

